[PR #29] ${VAR} substitution does not escape TOML-special chars in env values

[obchain]

PR: #29 (feat/04-toml-config-loader)
File: crates/charon-core/src/config.rs, lines 93-109 (substitute_env_vars)

Substitution is string-level, not TOML-aware. If env var value contains ", \, newline, or TOML comment char #, the resulting document is malformed or mis-parsed. Example:

BNB_WS_URL=wss://host/path?token="secret"&foo

After substitution, the " closes the surrounding TOML string early, remainder becomes garbage. Loader reports parse error, not "invalid env value."

Additional gaps:

1. No default-value syntax ${VAR:-default} — every var must be set even for optional fields.
2. No $$ escape for literal ${ in TOML content.
3. var_name not validated: ${} (empty) reads env var with empty name → always-error; ${WITH SPACE} lookup is quietly wrong.

Fix:

1. Before substitution, escape env value: replace \ → \\, " → \", newline → \n. Only when target context is a TOML string (detect by checking surrounding chars is complex — simplest: escape unconditionally, document that values go inside double-quoted TOML strings).
2. Support ${VAR:-default}:

   let (name, default) = match var_name.split_once(":-") { ... };

3. Validate var_name is non-empty and matches [A-Z_][A-Z0-9_]*.
4. Document escape rule in substitute_env_vars rustdoc.

[obchain]

Fixed on feat/04-toml-config-loader in 3c662d1.